feat: reverse shares (#86)

* add first concept * add reverse share funcionality to frontend * allow creator to limit share expiration * moved reverse share in seperate module * add table to manage reverse shares * delete complete share if reverse share was deleted * optimize function names * add db migration * enable reverse share email notifications * fix config variable descriptions * fix migration for new installations
2023-01-26 13:44:04 +01:00
parent 1ceb07b89e
commit 4a5fb549c6
43 changed files with 1456 additions and 280 deletions
--- a/backend/src/share/guard/createShare.guard.ts
+++ b/backend/src/share/guard/createShare.guard.ts
@@ -0,0 +1,29 @@
+import { ExecutionContext, Injectable } from "@nestjs/common";
+import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { ConfigService } from "src/config/config.service";
+import { ReverseShareService } from "src/reverseShare/reverseShare.service";
+
+@Injectable()
+export class CreateShareGuard extends JwtGuard {
+  constructor(
+    configService: ConfigService,
+    private reverseShareService: ReverseShareService
+  ) {
+    super(configService);
+  }
+
+  async canActivate(context: ExecutionContext): Promise<boolean> {
+    if (await super.canActivate(context)) return true;
+
+    const reverseShareTokenId = context.switchToHttp().getRequest()
+      .cookies.reverse_share_token;
+
+    if (!reverseShareTokenId) return false;
+
+    const isReverseShareTokenValid = await this.reverseShareService.isValid(
+      reverseShareTokenId
+    );
+
+    return isReverseShareTokenValid;
+  }
+}
--- a/backend/src/share/share.controller.ts
+++ b/backend/src/share/share.controller.ts
@@ -6,24 +6,31 @@ import {
  HttpCode,
  Param,
  Post,
+  Req,
  UseGuards,
 } from "@nestjs/common";
 import { Throttle } from "@nestjs/throttler";
 import { User } from "@prisma/client";
+import { Request } from "express";
 import { GetUser } from "src/auth/decorator/getUser.decorator";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { ConfigService } from "src/config/config.service";
 import { CreateShareDTO } from "./dto/createShare.dto";
 import { MyShareDTO } from "./dto/myShare.dto";
 import { ShareDTO } from "./dto/share.dto";
 import { ShareMetaDataDTO } from "./dto/shareMetaData.dto";
 import { SharePasswordDto } from "./dto/sharePassword.dto";
+import { CreateShareGuard } from "./guard/createShare.guard";
 import { ShareOwnerGuard } from "./guard/shareOwner.guard";
 import { ShareSecurityGuard } from "./guard/shareSecurity.guard";
 import { ShareTokenSecurity } from "./guard/shareTokenSecurity.guard";
 import { ShareService } from "./share.service";
@Controller("shares")
 export class ShareController {
-  constructor(private shareService: ShareService) {}
+  constructor(
+    private shareService: ShareService,
+    private config: ConfigService
+  ) {}

  @Get()
  @UseGuards(JwtGuard)
@@ -46,9 +53,16 @@ export class ShareController {
  }

  @Post()
-  @UseGuards(JwtGuard)
-  async create(@Body() body: CreateShareDTO, @GetUser() user: User) {
-    return new ShareDTO().from(await this.shareService.create(body, user));
+  @UseGuards(CreateShareGuard)
+  async create(
+    @Body() body: CreateShareDTO,
+    @Req() request: Request,
+    @GetUser() user: User
+  ) {
+    const { reverse_share_token } = request.cookies;
+    return new ShareDTO().from(
+      await this.shareService.create(body, user, reverse_share_token)
+    );
  }

  @Delete(":id")
@@ -59,11 +73,15 @@ export class ShareController {

  @Post(":id/complete")
  @HttpCode(202)
-  @UseGuards(JwtGuard, ShareOwnerGuard)
-  async complete(@Param("id") id: string) {
-    return new ShareDTO().from(await this.shareService.complete(id));
+  @UseGuards(CreateShareGuard, ShareOwnerGuard)
+  async complete(@Param("id") id: string, @Req() request: Request) {
+    const { reverse_share_token } = request.cookies;
+    return new ShareDTO().from(
+      await this.shareService.complete(id, reverse_share_token)
+    );
  }

+  @Throttle(10, 60)
  @Get("isShareIdAvailable/:id")
  async isShareIdAvailable(@Param("id") id: string) {
    return this.shareService.isShareIdAvailable(id);
--- a/backend/src/share/share.module.ts
+++ b/backend/src/share/share.module.ts
@@ -3,6 +3,7 @@ import { JwtModule } from "@nestjs/jwt";
 import { ClamScanModule } from "src/clamscan/clamscan.module";
 import { EmailModule } from "src/email/email.module";
 import { FileModule } from "src/file/file.module";
+import { ReverseShareModule } from "src/reverseShare/reverseShare.module";
 import { ShareController } from "./share.controller";
 import { ShareService } from "./share.service";

@@ -11,6 +12,7 @@ import { ShareService } from "./share.service";
    JwtModule.register({}),
    EmailModule,
    ClamScanModule,
+    ReverseShareModule,
    forwardRef(() => FileModule),
  ],
  controllers: [ShareController],
--- a/backend/src/share/share.service.ts
+++ b/backend/src/share/share.service.ts
@@ -15,6 +15,7 @@ import { ConfigService } from "src/config/config.service";
 import { EmailService } from "src/email/email.service";
 import { FileService } from "src/file/file.service";
 import { PrismaService } from "src/prisma/prisma.service";
+import { ReverseShareService } from "src/reverseShare/reverseShare.service";
 import { CreateShareDTO } from "./dto/createShare.dto";

@Injectable()
@@ -25,10 +26,11 @@ export class ShareService {
    private emailService: EmailService,
    private config: ConfigService,
    private jwtService: JwtService,
+    private reverseShareService: ReverseShareService,
    private clamScanService: ClamScanService
  ) {}

-  async create(share: CreateShareDTO, user?: User) {
+  async create(share: CreateShareDTO, user?: User, reverseShareToken?: string) {
    if (!(await this.isShareIdAvailable(share.id)).isAvailable)
      throw new BadRequestException("Share id already in use");

@@ -39,30 +41,36 @@ export class ShareService {
      share.security.password = await argon.hash(share.security.password);
    }

-    // We have to add an exception for "never" (since moment won't like that)
    let expirationDate: Date;
-    if (share.expiration !== "never") {
-      expirationDate = moment()
-        .add(
-          share.expiration.split("-")[0],
-          share.expiration.split(
-            "-"
-          )[1] as moment.unitOfTime.DurationConstructor
-        )
-        .toDate();

-      // Throw error if expiration date is now
-      if (expirationDate.setMilliseconds(0) == new Date().setMilliseconds(0))
-        throw new BadRequestException("Invalid expiration date");
+    // If share is created by a reverse share token override the expiration date
+    if (reverseShareToken) {
+      const { shareExpiration } = await this.reverseShareService.getByToken(
+        reverseShareToken
+      );
+
+      expirationDate = shareExpiration;
    } else {
-      expirationDate = moment(0).toDate();
+      // We have to add an exception for "never" (since moment won't like that)
+      if (share.expiration !== "never") {
+        expirationDate = moment()
+          .add(
+            share.expiration.split("-")[0],
+            share.expiration.split(
+              "-"
+            )[1] as moment.unitOfTime.DurationConstructor
+          )
+          .toDate();
+      } else {
+        expirationDate = moment(0).toDate();
+      }
    }

    fs.mkdirSync(`./data/uploads/shares/${share.id}`, {
      recursive: true,
    });

-    return await this.prisma.share.create({
+    const shareTuple = await this.prisma.share.create({
      data: {
        ...share,
        expiration: expirationDate,
@@ -75,6 +83,18 @@ export class ShareService {
        },
      },
    });
+
+    if (reverseShareToken) {
+      // Assign share to reverse share token
+      await this.prisma.reverseShare.update({
+        where: { token: reverseShareToken },
+        data: {
+          shareId: share.id,
+        },
+      });
+    }
+
+    return shareTuple;
  }

  async createZip(shareId: string) {
@@ -96,10 +116,15 @@ export class ShareService {
    await archive.finalize();
  }

-  async complete(id: string) {
+  async complete(id: string, reverseShareToken?: string) {
    const share = await this.prisma.share.findUnique({
      where: { id },
-      include: { files: true, recipients: true, creator: true },
+      include: {
+        files: true,
+        recipients: true,
+        creator: true,
+        reverseShare: { include: { creator: true } },
+      },
    });

    if (await this.isShareCompleted(id))
@@ -118,16 +143,34 @@ export class ShareService {

    // Send email for each recepient
    for (const recepient of share.recipients) {
-      await this.emailService.sendMail(
+      await this.emailService.sendMailToShareRecepients(
        recepient.email,
        share.id,
        share.creator
      );
    }

+    if (
+      share.reverseShare &&
+      this.config.get("SMTP_ENABLED") &&
+      share.reverseShare.sendEmailNotification
+    ) {
+      await this.emailService.sendMailToReverseShareCreator(
+        share.reverseShare.creator.email,
+        share.id
+      );
+    }
+
    // Check if any file is malicious with ClamAV
    this.clamScanService.checkAndRemove(share.id);

+    if (reverseShareToken) {
+      await this.prisma.reverseShare.update({
+        where: { token: reverseShareToken },
+        data: { used: true },
+      });
+    }
+
    return await this.prisma.share.update({
      where: { id },
      data: { uploadLocked: true },